This blog is a personal book on Security/ IDM related thoughts/opinions.
The blog posts are a personal opinion only and neither reflect the views of current/past employers nor any OTHER person living/dead on this planet.


Monday, March 19, 2012

Background

There is no denying that Social Media is growing in leaps and bounds. The concept of social login has prevailed. Facebook and Google have turned out to be the holders of user information that can be used as the secure gateway into your web applications. Facebook / Google users are part of what is called "Consumer Identity".

In this article, we will look at a simple web application, part of the PicketLink Social project, that can help you visualize adding Facebook Connect / Google Authentication to your web applications. We will use the fast, free and awesome JBoss Application Server v7 as the runtime.

What is needed?

You will need to get hold of

JBoss Application Server v7.1 (at the time of writing, v7.1.1.Final was the latest).

Use the self contained picketlink-reg.war.

Steps to follow

Follow the JBoss AS7 user guide to extract the server. It is mainly just unzipping a zip archive.

Now copy the attached picketlink-reg.war to standalone/deployments directory of JBoss AS7.

You need to make some configuration changes to the standalone/configuration/standalone.xml file to add a security domain as well as a bunch of system properties.

What I have done is insert a block of security domain configuration inside the security configuration, before the security domain "other".

Define a bunch of system properties.

    </extensions>

    <system-properties>
        <property name="CLIENT_ID" value="Insert_your_client_id"/>
        <property name="CLIENT_SECRET" value="Insert_your_client_secret"/>
    </system-properties>

    <management>

        <security-realms>

We have defined a block for system properties at the end of the extensions block and the beginning of management. Please have a look at the wiki article on JBoss AS7 System Properties for more information.

Note that I am assuming that your app is deployed on localhost. If the domain is different, then you have to define an additional system property called "RETURN_URL" that gives a value such as "http://thedomain/picketlink-reg/auth" (replace thedomain with whatever value you want).
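The standalone.xml edit above, done as a script so it can be repeated on every server build. This is an added example, not code from the post or from PicketLink: it parses a constructed minimal standalone.xml (the real file has many more elements, which the script leaves untouched), places the system-properties block directly after the extensions block, refuses the two "Insert_your_..." placeholder values so a forgotten secret fails before deployment, replaces an earlier block instead of duplicating it, and adds RETURN_URL only when the host is not localhost.

```python
# Added example, not from the post or PicketLink: patch a JBoss AS7 standalone.xml
# so <system-properties> sits between </extensions> and <management>.
import xml.etree.ElementTree as ET

# The two placeholder strings the post shows; an empty secret is rejected too.
PLACEHOLDERS = {"Insert_your_client_id", "Insert_your_client_secret", ""}
# Constructed minimal standalone.xml with just the structure the edit needs.
SAMPLE_STANDALONE = ('<server xmlns="urn:jboss:domain:1.2"><extensions>'
                     '<extension module="org.jboss.as.security"/></extensions>'
                     '<management><security-realms/></management></server>')


def _local(tag):  # strip the {namespace} prefix ElementTree puts on tag names
    return tag.split("}")[-1]


def add_picketlink_properties(xml_text, client_id, client_secret, host="localhost"):
    """Set CLIENT_ID/CLIENT_SECRET; add RETURN_URL only for a non-localhost host."""
    if client_id in PLACEHOLDERS or client_secret in PLACEHOLDERS:
        raise ValueError("CLIENT_ID / CLIENT_SECRET must not be empty or placeholders")
    root = ET.fromstring(xml_text)
    ns = root.tag[1:].split("}")[0] if root.tag.startswith("{") else ""
    if ns:
        ET.register_namespace("", ns)  # serialise with the default namespace unprefixed
    prefix = "{%s}" % ns if ns else ""
    # Re-running replaces an earlier block instead of adding a duplicate.
    for old in root.findall(prefix + "system-properties"):
        root.remove(old)
    props = {"CLIENT_ID": client_id, "CLIENT_SECRET": client_secret}
    if host != "localhost":
        props["RETURN_URL"] = "http://%s/picketlink-reg/auth" % host
    block = ET.Element(prefix + "system-properties")
    for name, value in props.items():
        ET.SubElement(block, prefix + "property", name=name, value=value)
    order = [_local(child.tag) for child in root]
    if "extensions" not in order or "management" not in order:
        raise ValueError("standalone.xml has no <extensions>/<management> block")
    root.insert(order.index("extensions") + 1, block)  # directly after </extensions>
    return ET.tostring(root, encoding="unicode")


def root_child_order(xml_text):
    """Local tag names of the top-level children, in document order (for checks)."""
    return [_local(child.tag) for child in ET.fromstring(xml_text)]


def read_properties(xml_text):
    """Return {name: value} for every <property> under <system-properties>."""
    out = {}
    for block in ET.fromstring(xml_text):
        if _local(block.tag) == "system-properties":
            out.update((p.get("name"), p.get("value")) for p in block)
    return out
```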

How to test the web application?

You can go to http://localhost:8080/picketlink-reg/ and log in using either Facebook Connect or Google Authentication. Note that the attached web application just outputs the name of the authenticated user and the email address. You can get more information if desired by changing the configuration settings.

What changes do we need to make a web application use Facebook Connect or Google Authentication as its Authentication Mechanism?

You will need to configure the ExternalAuthenticator in WEB-INF/jboss-web.xml. Look at how the attached picketlink-reg.war application does it.

Friday, March 16, 2012

With great privilege and honor, I want to share this exciting piece of information that JBoss Community (http://www.jboss.org) has been officially accepted as a participating organization at the Google Summer of Code 2012.

In my view, the GSOC Ideas Page (https://community.jboss.org/wiki/GSOC12Ideas) is a clear indication of the amazing variety of Open Source Projects hosted at JBoss Community as well as the enthusiasm and team work displayed by all potential administrators and mentors.

Here is to a successful summer for our mentors and students as part of GSOC 12.

Special thanks to Dan Allen, James Cobb and all the participating mentors to have made this JBoss initiative for GSOC 12 possible.

Real Team Work at JBoss Community to clear the first step in the GSOC 12 Program.

Wednesday, March 14, 2012

My Rating: 5 out of 5 stars. (Strong Buy)

Why you need to buy this book:

1) There is no other strong book on Java Performance in the market.

2) Written by experts who deal with improving the performance of the Hotspot Java VM on a daily basis.

3) Extensive description of the internals of the Hotspot JVM. Previously the JVM was a black box that would run your Java applications. This book will lay out the JVM as an open book, so you have an opportunity to master the JVM.

4) It is from Addison Wesley, who publish GREAT books.

My Favorite Chapters:

Chapter 3: JVM Overview

Chapter 4: JVM Performance Monitoring

Chapter 5: Tuning the JVM, Step by Step

Review:

I have had this book for a month now, but I have not read it completely. The reason is that this is an advanced topic. The book goes to great lengths to describe the Hotspot JVM concepts, so you have to tread very slowly. I mean very, very slowly.

My approach has been to go to the chapters which I am interested in, then go back to the chapters that give background information. I strongly recommend that you keep this book close to your work area, because you will require it often, not only to brush up on your reading but also to use it as a reference when you tune your Java applications. BUT THIS BOOK IS A DEFINITE MUST FOR YOUR COLLECTION.

Let us go chapter by chapter on the ones I have read.

Chapter 2: Operating System Performance Monitoring

I particularly liked the treatment on “monitoring CPU utilization” on various operating systems (Windows, Linux etc). There is a lot of information on Memory Usage Monitoring and Disk IO Monitoring that a performance engineer will definitely need.

Chapter 3: JVM Overview

This is a brilliantly written chapter. Right at the start, the authors state that the users of Java technology see the JVM as a black box. My opinion: well, this is the irony or fact or destiny or whatever. Java Performance has been voodoo over the years. Extensive documentation (that is not confusing) along with reasonable JVM defaults is the way to go.

The chapter does very well to talk about the ordinary object pointers (OOPS) and the new JDK6+ feature called “compressed oops” to get 32-bit-like performance on 64-bit JVMs. The gist is that the compressed oops feature will improve the CPU cache utilization.

The chapter goes into great length to talk about class loading, internal VM architecture etc. A very, very good chapter. Read the section on Garbage Collection. There is great discussion on the generations as well as on collectors etc.

Chapter 7: Tuning the JVM Step by Step

This chapter is just a beauty. There are around 70 pages devoted to this chapter. So much content just for JVM tuning. Probably, this topic requires a 1000 pages. But the authors have done JVM tuning as part of their jobs, so they have condensed the topic into 70 pages based on their years of experience.

I will update this review as I finish reading the other chapters. I can grumble that the book is very intense, but it is a happy grumbling.

Final Commentary:

I have attended talks by Charlie Hunt over the years. Charlie is extremely knowledgeable and is very passionate about the JVM. No wonder he has turned up a gem of a book.

Friday, March 9, 2012

We live in a very interesting world. I term it interesting and not dangerous because I see a lot more good in this world than the bad. So unlike the media who love to portray the bad primarily, I would like to talk about the good in the world. A good in the world for the last few years has been Open Source.

Now let us look at Web Browsers. They have been our gateways to the Internet content. Of course, you need an ISP or a Wifi connection to get to the internet. But the browsers have been the main avenue to access the rich content that is on the internet. Browsers such as Mozilla Firefox, Google Chrome and Opera have been very beneficial to the world. All 3 of them take the security of their users very seriously.

Now let us talk about the value of Security Response to open source projects. Almost all major OSS foundations (Apache, JBoss, Linux etc) are backed by a proactive security response team who stay on top of vulnerabilities in their projects.

As the number of open source projects is on the rise, it is critical that you adopt an open source project that has an excellent security response team and that provides newer versions of the project with the fixes. Also, the ball is in your court to stay on top of newer releases. If you are unable to manage the patches or get on newer versions of projects, then I strongly suggest that you adopt commercial versions of open source software such as the JBoss Platforms (EAP, SOA-P, EPP etc), Hadoop (Cloudera/MapR/HortonWorks) etc, because these are backed by a security response team who will provide the necessary patches. Trust me, all software at all times will have at least one vulnerability. Software does not get created by magic but by humans, who are prone to mistakes.

For this reason, I feel that the security response is a critical aspect of Open Source choice and adoption. Please visit Red Hat's Security Response at http://www.redhat.com/security for additional information, as well as to understand the role of open source and security.